Chaos Computer Club - All Systems Go! 2017 (low quality webm)
https://media.ccc.de/c/asg2017
This feed contains all events from asg2017 as webm
License: mostly cc-by-nc
Date: Mon, 19 Mar 2018 14:15:51 -0000

Portals, dynamic permissions in Flatpak (asg2017)
https://media.ccc.de/v/ASG2017-114-portals_dynamic_permissions_in_flatpak
Desktop application sandboxing is quite different than traditional
container isolation, learn how flatpak does it, using the concept of
portals.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-114-eng-Portals_dynamic_permissions_in_Flatpak_webm-sd.webm?1508614540
Speaker: Alexander Larsson
Keywords: ASG2017, 114
Duration: 00:41:12

Software updates for connected Linux devices: key requirements (asg2017)
https://media.ccc.de/v/ASG2017-122-software_updates_for_connected_linux_devices_key_requirements
A key requirement for connected Linux devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while devices live in the field for up to 10 years.
As part of the Mender.io project, we have interviewed more than 100 embedded developers to understand best practices and the current state of enabling software updates for connected devices today. The key requirements found during this study can be split into the following areas we cover:
- Robustness
- Ease
- Performant
- Secure
- Extensible
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-122-eng-Software_updates_for_connected_Linux_devices_key_requirements_webm-sd.webm?1508617238
Speaker: Drew Moseley
Keywords: ASG2017, 122
Duration: 00:25:07

Which network to use when - Socket Intents (asg2017)
https://media.ccc.de/v/ASG2017-138-which_network_to_use_when_-_socket_intents
Nowadays, most end devices have multiple network interfaces to connect to the Internet. They usually pick a statically configured default interface, such as WiFi, which they prefer over LTE when both are available, but this is not necessarily the choice that provides the best performance to the application. Socket Intents is a research prototype that addresses the problem of finding policies of which network interface to pick for what kind of traffic or application. It provides several networking APIs through which an application can specify its "Intents", i.e., what it knows or assumes about its own traffic. The prototype then decides which of the available network interfaces to use.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-138-eng-Which_network_to_use_when_-_Socket_Intents_webm-sd.webm?1508686394
Speaker: Theresa Enghardt
Keywords: ASG2017, 138
Subtitle: Hacking the Socket API for fun and research
Duration: 00:39:56

What's in a container? The OCI Answer (asg2017)
https://media.ccc.de/v/ASG2017-157-what_s_in_a_container_the_oci_answer
The container has become one of the most overloaded industry buzzwords of the last five years. From Jails to LXC to Zones to systemd-nspawn to Docker to rkt - there's an assortment of different tools on different platforms that call themselves containers, and no clear consensus what it means when it comes to distributing containers or implementing the underlying technical details. The Open Container Initiative was formed in 2015 to try to remedy this situation by establishing a shared set of container standards for different implementers to agree on. With representatives from all major server operating system platforms, the Initiative has made great strides towards specifying a truly interoperable container. The two key OCI projects recently hit their canonical 1.0 version; this talk will explain what OCI is and what that milestone means for the container ecosystem.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-157-eng-Whats_in_a_container_The_OCI_Answer_webm-sd.webm?1508689923
Speaker: Jon Boulle
Keywords: ASG2017, 157
Duration: 00:10:33

Streamlining systemd's code and safety (asg2017)
https://media.ccc.de/v/ASG2017-124-streamlining_systemd_s_code_and_safety
Today, the systemd project uses a non-standard superset of C to get destructor-like functionality. But, we pay a heavy price for doing it this way: we lose compiler portability, use hundreds of boilerplate macros, and confuse static analysis tools (which don't always realize why we're not leaking memory). At compilation, the cleanup functionality gets mapped to the same facilities that handle C++ destructors. So, essentially, we're already using a non-standard version of C++ as well as a non-standard version of C. We can end this charade by following in GCC's footsteps and explicitly using a subset of C++ (https://lwn.net/Articles/542457/). By doing so, we can shed thousands of lines of C-trying-to-be-C++. We can also improve memory safety and code readability -- all while keeping the feel of C (https://medium.com/@davidtstrauss/choosing-some-c-over-c-f5acb3dce4f5).
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-124-eng-Streamlining_systemds_code_and_safety_webm-sd.webm?1508615617
Speaker: David Strauss
Keywords: ASG2017, 124
Duration: 00:26:54

Network troubleshooting in heterogeneous cloud environment with Skydive (asg2017)
https://media.ccc.de/v/ASG2017-113-network_troubleshooting_in_heterogeneous_cloud_environment_with_skydive
With the growing number of network cloud services it becomes essential to be able to monitor, troubleshoot and analyze different virtualization or container technologies. Being able to monitor complex heterogeneous federated cloud environments is key.
Skydive is a real-time and post-mortem topology and packet analyzer. To do so, it listens for networking kernel events, monitors network namespaces, watches external components such as OVSDB and Docker. Skydive can make use of AF_PACKET or eBPF programs to capture traffic. Thanks to its classifier Skydive is able to map the network traffic with the topology.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-113-eng-Network_troubleshooting_in_heterogeneous_cloud_environment_with_Skydive_webm-sd.webm?1508616158
Speaker: Sylvain Afchain
Keywords: ASG2017, 113
Duration: 00:18:09

Tango with systemd (asg2017)
https://media.ccc.de/v/ASG2017-128-tango_with_systemd
Used by many major distributions, systemd is widely known in the desktop and
server world. But it is not so common to find it in embedded products.
In this talk, we will show how systemd can be a real benefit for the embedded
world; for both your sanity and your time.
We will discuss how systemd was integrated into Phantom, a speaker from
Devialet, and what the pros and cons of using it were.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-128-eng-Tango_with_systemd_webm-sd.webm?1508691042
Speaker: Maxime Hadjinlian
Keywords: ASG2017, 128
Duration: 00:22:17

Modern deployment for Embedded Linux and IoT (asg2017)
https://media.ccc.de/v/ASG2017-112-modern_deployment_for_embedded_linux_and_iot
In a world of connected devices, IoT and embedded systems, building robust products needs a modern deployment workflow where security and constant updates are as important as the product itself. The abilities of these systems to protect themselves, isolate applications inside sandboxes or containers, and support constant updates will enhance the product's security, its longevity and all the offered services around it. In this regard, Linux containers are one of the mechanisms that may help solve some of the problems of Embedded and IoT systems; however, their adoption still faces some challenges, such as how these mechanisms can fit in the final embedded environment.
In order to improve container integration in the Embedded Linux world, we will explore in this presentation some upcoming systemd and Linux kernel features, notably a new Security Permission model for systemd, a new lightweight container environment that allows deploying and sandboxing portable applications, and some new kernel hardening features that can be used by both containers and the kernel itself to protect the entire system. Additionally we will discuss how to apply constant updates, how we can integrate this with systemd, and how to update the entire system. Some or all of this is already or will be available by default in the Yocto project. To conclude we will demonstrate some results on how to block real-life vulnerabilities in such Embedded Linux systems.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-112-eng-Modern_deployment_for_Embedded_Linux_and_IoT_webm-sd.webm?1508672345
Speaker: Djalal Harouni
Keywords: ASG2017, 112
Duration: 00:26:57

systemd @ Facebook — a year later (asg2017)
https://media.ccc.de/v/ASG2017-126-systemd_facebook_a_year_later
We'll be talking about what we learned throughout the past year running systemd in production at Facebook: new challenges that have come up, how the integration process went and the areas of improvement we discovered. We'll also discuss our efforts building a monitoring solution for system services based on systemd.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-126-eng-systemd_Facebook_-_a_year_later_webm-sd.webm?1508613939
Speaker: Davide Cavalca
Keywords: ASG2017, 126
Duration: 00:40:25

kube-spawn: testing multi-node Kubernetes clusters on Linux systems (asg2017)
https://media.ccc.de/v/ASG2017-109-kube-spawn_testing_multi-node_kubernetes_clusters_on_linux_systems
kube-spawn is a tool to easily start a local, multi-node Kubernetes cluster on a Linux machine. While it was originally meant to be used mainly by developers of Kubernetes, it has been turned into a tool that is great for just trying Kubernetes out. In this talk, I will give a general introduction to kube-spawn and cover integration issues.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-109-eng-kube-spawn_testing_multi-node_Kubernetes_clusters_on_Linux_systems_webm-sd.webm?1508670133
Speaker: Dongsu Park
Keywords: ASG2017, 109
Duration: 00:22:16

Containers: What Did We Learn? (asg2017)
https://media.ccc.de/v/ASG2017-100-containers_what_did_we_learn
Containers: love 'em or hate 'em -- whether you think they're the hottest new thing or yesteryear's same ideas in new clothing -- the both rapid and sustained rate of adoption of recent container technologies says one thing clearly: We Were Missing Something. But what, exactly? And have we found "it"? Or are we just beginning to uncover something new about the way we all, in our deepest hearts, wish computers would be? In this talk, we'll survey where containers came from, and question where they’re going: a discussion that crosses package management, releasing, deployment, immutability, reproducibility, and questions how meanings of all these things are now changing.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-100-eng-Containers_What_Did_We_Learn_webm-sd.webm?1508615028
Speaker: Eric Myhre
Keywords: ASG2017, 100
Duration: 00:17:12

cgroupv2: Linux's new unified control group hierarchy (asg2017)
https://media.ccc.de/v/ASG2017-96-cgroupv2_linux_s_new_unified_control_group_hierarchy
cgroupv1 (or just "cgroups") has helped revolutionise the way that we manage and use containers over the past 8 years. A complete overhaul is coming -- cgroupv2. This talk will go into why a new control group system was needed, the changes from cgroupv1, and practical uses that you can apply to improve the level of control you have over the processes on your servers.
We will go over:
- Design decisions and deviations for cgroupv2 compared to v1
- Pitfalls and caveats you may encounter when migrating to cgroupv2
- Discussion of the internals of cgroupv2
- Practical information about how we are using cgroupv2 inside Facebook
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-96-eng-cgroupv2_Linuxs_new_unified_control_group_hierarchy_webm-sd.webm?1508669439
Speaker: Chris Down
Keywords: ASG2017, 96
Duration: 00:40:46

Containers without a Container Manager, with systemd (asg2017)
https://media.ccc.de/v/ASG2017-101-containers_without_a_container_manager_with_systemd
systemd service management today supports a number of the features that container management is known for, but for classic system services. Let's see which ones, and how to make use of them.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-101-eng-Containers_without_a_Container_Manager_with_systemd_webm-sd.webm?1508615884
Speaker: Lennart Poettering
Keywords: ASG2017, 101
Duration: 00:31:51

State of the rkt container runtime (asg2017)
https://media.ccc.de/v/ASG2017-123-state_of_the_rkt_container_runtime
rkt is a modern container runtime, built for security, efficiency, and composability. It is one of the container runtimes supported by Kubernetes but the current implementation (“rktnetes”) doesn’t support the Container Runtime Interface (CRI). The work-in-progress CRI implementation is called rktlet.
This presentation will give an update on the rkt project, what new features were implemented recently and what’s coming up. It will also give an update on the state of the rktlet: what features are missing and what workarounds should be removed before it becomes a complete implementation of the CRI.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-123-eng-State_of_the_rkt_container_runtime_webm-sd.webm?1508614252
Speaker: Iago López Galeiras
Keywords: ASG2017, 123
Duration: 00:24:46

Cyborg Teams (asg2017)
https://media.ccc.de/v/ASG2017-130-cyborg_teams
In the Cockpit project we’ve done something amazing: We’ve built “robot” contributors to an Open Source project. “Cockpituous”, our project’s #5 contributor, is actually our automated team members.
Bots do the mundane tasks that would otherwise use up the time of human contributors. During the talk you can see them self-organizing, finding issues, contributing code changes, making decisions, releasing the software into Linux distros and containers. They work in a completely distributed, organic way, and run in containers.
We’ll talk about how humans are pair-programming with bots, and moving at a pace that would be unthinkable otherwise.
Treating the bots as team members is fundamental to achieving this. I’m excited to show you how to pull that off.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-130-eng-Cyborg_Teams_webm-sd.webm?1508681253
Speaker: Stef Walter
Keywords: ASG2017, 130
Subtitle: Happy humans, tired machines
Duration: 00:49:45

Really crazy container troubleshooting stories (asg2017)
https://media.ccc.de/v/ASG2017-115-really_crazy_container_troubleshooting_stories
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-115-eng-Really_crazy_container_troubleshooting_stories_webm-sd.webm?1508613275
Speaker: Gianluca Borello
Keywords: ASG2017, 115
Duration: 00:33:48

Updating Embedded Systems -- Putting it all Together (asg2017)
https://media.ccc.de/v/ASG2017-133-updating_embedded_systems_--_putting_it_all_together
Updating embedded systems reliably requires more than just the actual
update process. This presentation gives an overview of the overall design
and components needed for successful system updates.
about this event: https://c3voc.de
Date: Sun, 22 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-133-eng-Updating_Embedded_Systems_--_Putting_it_all_Together_webm-sd.webm?1508691729
Speaker: Michael Olbrich
Keywords: ASG2017, 133
Duration: 00:25:45

Securing Home Automation with Tor (asg2017)
https://media.ccc.de/v/ASG2017-119-securing_home_automation_with_tor
Today the technological world's central principle is to automate each conceivable thing for simplicity in life, providing security,
saving electricity and time.
Home automation is “The Internet of Things”… The way that all of our devices and appliances will be networked together to provide us with a seamless control over all aspects of our home and more.
Also a step toward what is referred to as the "Internet of Things," in which everything has an assigned IP address, and can be monitored and accessed remotely.
The idea of automating each appliance in the home goes back many years; it started with connecting two electric wires to a battery and closing the circuit by connecting a load such as a light.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-119-eng-Securing_Home_Automation_with_Tor_webm-sd.webm?1508616910
Speaker: Kalyan Dikshit
Keywords: ASG2017, 119
Subtitle: Be Safe. Be Secure
Duration: 00:23:53

Opening (asg2017)
https://media.ccc.de/v/ASG2017-141-opening
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-141-eng-Opening_webm-sd.webm?1508613076
Keywords: ASG2017, 141
Subtitle: Check In and Say Hello!
Duration: 00:06:59

Azure networking integration challenges (asg2017)
https://media.ccc.de/v/ASG2017-93-azure_networking_integration_challenges
The introduction of Accelerated Networking on Azure created challenges integrating support in Linux distributions. The original method using bonding had issues that were solved by introducing a new mode called "Transparent VF". This mode solves issues with udev, cloudinit and distribution specific network initialization. This talk will also cover the process of how Linux support for Azure is integrated with upstream and distributions.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-93-eng-Azure_networking_integration_challenges_webm-sd.webm?1508613648
Speaker: Stephen Hemminger
Keywords: ASG2017, 93
Duration: 00:29:15

Using systemd for containers @ Facebook (asg2017)
https://media.ccc.de/v/ASG2017-135-using_systemd_for_containers_facebook
To achieve faster and easier containerization at Facebook we have started utilizing Chef, Btrfs and Systemd to improve our container system. These tools helped us to design a robust base for our cluster management that will allow us to concentrate more on higher-level functionality. Our version of image and task handling tries to address some issues common both to Facebook and the industry.
about this event: https://c3voc.de
Date: Sat, 21 Oct 2017 00:00:00 +0200
Media: https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-135-eng-Using_systemd_for_containers_Facebook_webm-sd.webm?1508664158
Speakers: Zeal Jagannatha, Zoltan Puskas
Keywords: ASG2017, 135
Duration: 00:29:54

Closing (asg2017)
https://media.ccc.de/v/ASG2017-156-closing
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-156-eng-Closing_webm-sd.webm?1508692597
95035f31-443b-42a4-9780-6b8fba2f24ea
2017-10-22T00:00:00+02:00
ASG2017, 156
Till the next time!
00:14:32

Rust memory management (asg2017)
https://media.ccc.de/v/ASG2017-118-rust_memory_management
A quick introduction to the unique memory management concepts of Rust.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-118-eng-Rust_memory_management_webm-sd.webm?1508613369
a7628d54-2031-4aab-b44b-7a7aab984807
2017-10-21T00:00:00+02:00
Zeeshan Ali
ASG2017, 118
00:24:00

Creating your own 1password clone (asg2017)
https://media.ccc.de/v/ASG2017-158-creating_your_own_1password_clone
AgileBits, the company behind the 1password password manager, published a spec for their “opvault” format to show how confident they are in its design. This eliminates the need to reverse-engineer the encryption when trying to read from such a vault on a system where they don’t provide their tool.
In this talk we’ll see an overview of the design of the format, such as the key derivation or the decision to split the meta-data from the details such as username and passwords.
At the same time, the talk will follow the implementation of a library to read this format in Rust, which started as a way to practice the language but now has grown a GUI to display these entries so I can use the vault on my desktop.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-158-eng-Creating_your_own_1password_clone_webm-sd.webm?1508689083
45c050bc-4961-44ae-bae4-4334f0a631a6
2017-10-22T00:00:00+02:00
Carlos Martín Nieto
ASG2017, 158
00:28:34

Synchronizing images with casync (asg2017)
https://media.ccc.de/v/ASG2017-125-synchronizing_images_with_casync
casync is a novel tool for delivering OS images across the Internet. While there are many tools like this around, casync has some features that set it apart. In this talk we'll discuss why it is useful for delivering your IoT, container, application or OS images, and how you can make use of it.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-125-eng-Synchronizing_images_with_casync_webm-sd.webm?1508681206
6d9e8e7e-9250-4c9e-a050-90234d40f873
2017-10-22T00:00:00+02:00
Lennart Poettering
ASG2017, 125
00:46:43

Building containers all day (asg2017)
https://media.ccc.de/v/ASG2017-95-building_containers_all_day
Containers have become a popular way of packaging and running applications, especially for server applications using microservice architectures. As containers can be started in no time, building new container images replacing old ones has become the predominant way of applying updates. Having continuous delivery pipelines for building these images becomes a key problem. This talk will show how the Open Build Service provides a way to automate container builds including tracking updates and automatic rebuilds of dependent containers. This makes it easy to create secure and up to date containers all day.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-95-eng-Building_containers_all_day_webm-sd.webm?1508615167
9bff5ee1-1094-482d-b053-a62529e8566f
2017-10-21T00:00:00+02:00
Cornelius Schumacher
ASG2017, 95
00:16:08

The IoT botnet wars, Linux devices, and the absence of basic security hardening (asg2017)
https://media.ccc.de/v/ASG2017-129-the_iot_botnet_wars_linux_devices_and_the_absence_of_basic_security_hardening
We will discuss the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. We will walk the audience through specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected from many of the widespread malware.
Some of the fundamental security concepts we will cover include:
Closing unused open network ports
Intrusion detection systems
Enforcing password complexity and policies
Removing unnecessary services
Frequent software updates to fix bugs and patch security vulnerabilities
We will also delve into the arguments and counter-arguments of vigilante hacking with Hajime and BrickerBot as examples and the potential long-term consequences in this new age of connected devices.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-129-eng-The_IoT_botnet_wars_Linux_devices_and_the_absence_of_basic_security_hardening_webm-sd.webm?1508614028
f0851394-22b0-440c-aafc-e8690fc1cf51
2017-10-21T00:00:00+02:00
Drew Moseley
ASG2017, 129
00:28:42

A gentle introduction to [e]BPF (asg2017)
https://media.ccc.de/v/ASG2017-92-a_gentle_introduction_to_e_bpf
BPF is a Linux in-kernel virtual machine that is used for networking, tracing, seccomp and more. This talk will give an introduction to the extended BPF subsystem in Linux, an overview on how it works, show available tools to work with and explain possibilities as well as limits.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-92-eng-A_gentle_introduction_to_e_BPF_webm-sd.webm?1508615712
b607796c-ce58-43ee-afbd-f5fe2008ac66
2017-10-21T00:00:00+02:00
Michael Schubert
ASG2017, 92
00:25:54

Cockpit: A Linux sysadmin session in your Browser (asg2017)
https://media.ccc.de/v/ASG2017-99-cockpit_a_linux_sysadmin_session_in_your_browser
Cockpit is an open source project that has built the new system admin UI for Linux. It turns a Linux server into something discoverable and usable. Its goal is to remove the steep learning curve for Linux deployments.
Cockpit lets you immediately dive into things like storage, network configuration, system log diagnosis, container troubleshooting and Kubernetes orchestration. All while being zero-footprint: It goes away when not in use. Cockpit interacts well with other management configuration tools; it reacts instantly to system changes made elsewhere.
We'll look at how Cockpit is an actual Linux user session that you drive through your browser, running with user privileges and with access to the native system APIs and tools.
You'll be able to build new pieces of sysadmin UI as fast as you write a shell script. In fact we'll do it on stage in a few minutes.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-99-eng-Cockpit_A_Linux_sysadmin_session_in_your_Browser_webm-sd.webm?1508614285
3e4263fb-2d17-486b-8f41-24b19ef64ffb
2017-10-21T00:00:00+02:00
Stef Walter
ASG2017, 99
00:25:49

kubernetes for toasters? (asg2017)
https://media.ccc.de/v/ASG2017-108-kubernetes_for_toasters
Potential solutions to achieving containerization on constrained devices.
1. Why?
2. a content addressable elf linker (bolter)
3. space efficient container imaging (korhal)
4. oci compliant runtime (railcar)
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-108-eng-kubernetes_for_toasters_webm-sd.webm?1508668665
ad460eb9-229b-4396-aa73-b64530c37183
2017-10-22T00:00:00+02:00
Arvid E. Picciani
ASG2017, 108
00:30:40

Introducing Bluetooth Mesh (asg2017)
https://media.ccc.de/v/ASG2017-105-introducing_bluetooth_mesh
Bluetooth technology has been extended with a brand new mesh feature. This presentation gives an introduction to Bluetooth Mesh and its impacts on the ecosystem. It shows the new and exciting use cases that mesh-enabled Bluetooth Low Energy makes possible. The presentation will also focus on the Linux and Zephyr operating systems and their integration with Bluetooth Mesh.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-105-eng-Introducing_Bluetooth_Mesh_webm-sd.webm?1508685631
b03c36c2-b9aa-4dfd-961b-6e49d54e3200
2017-10-21T00:00:00+02:00
Marcel Holtmann
ASG2017, 105
00:40:35

Incremental Adoption of Open Services with Habitat (asg2017)
https://media.ccc.de/v/ASG2017-104-incremental_adoption_of_open_services_with_habitat
Open services mark a paradigm shift similar to the disruption caused by open-source software in the 90s, but the path to effective adoption of open services tooling is sometimes unclear. Blake will share patterns and learnings from his experience integrating one such tool, Habitat, at smartB GmbH.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-104-eng-Incremental_Adoption_of_Open_Services_with_Habitat_webm-sd.webm?1508613456
9a8b4062-675f-49ac-a6c9-52f151bf5616
2017-10-21T00:00:00+02:00
Blake Irvin
ASG2017, 104
00:14:29

Journal as a Storage and Other Adventures in User Session Recording (asg2017)
https://media.ccc.de/v/ASG2017-107-journal_as_a_storage_and_other_adventures_in_user_session_recording
See how Red Hat's Session Recording project is using Systemd Journal to store and play back recordings of terminal sessions. Wonder at the challenges the project faces, such as dealing with various terminal types, character encodings, random playback positioning, etc.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-107-eng-Journal_as_a_Storage_and_Other_Adventures_in_User_Session_Recording_webm-sd.webm?1509221173
315b1078-9f98-41db-a8f9-2962f2c3b65b
2017-10-22T00:00:00+02:00
Nikolai Kondrashov
ASG2017, 107
00:24:37

Insecure containers? (asg2017)
https://media.ccc.de/v/ASG2017-160-insecure_containers
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-160-eng-Insecure_containers_webm-sd.webm?1508689002
24be9e28-e48f-46c6-a7da-df5c83e7945f
2017-10-22T00:00:00+02:00
Andrew Martin
ASG2017, 160
00:39:27

Building a secure boot chain to userland (asg2017)
https://media.ccc.de/v/ASG2017-140-building_a_secure_boot_chain_to_userland
Secure boot as it currently exists in desktop Linux distributions is sufficient to verify that the bootloader and kernel have not been tampered with, but generally does nothing to ensure that userland is secure. How can we fix that?
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-140-eng-Building_a_secure_boot_chain_to_userland_webm-sd.webm?1508689582
fa595475-4159-438a-aa03-735331373a15
2017-10-22T00:00:00+02:00
Matthew Garrett
ASG2017, 140
00:29:38

High-performance Linux monitoring with eBPF (asg2017)
https://media.ccc.de/v/ASG2017-139-high-performance_linux_monitoring_with_ebpf
Extended Berkeley Packet Filter (eBPF) allows for high-performance introspection of the Linux kernel execution. eBPF is widely available (part of the mainline kernel and enabled by most distributions), flexible (any kernel code path can be probed) and safe (driven from userspace and statically verified). In this talk, I will introduce eBPF, explaining how it can be used to track TCP connections in real time. On the way I will demonstrate it is possible to access eBPF from languages other than C (Golang) and remove undesirable runtime dependencies (LLVM compiler and kernel-headers). At Weaveworks we are using eBPF for the connection-tracker of the Weave Scope visualization tool.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-139-eng-High-performance_Linux_monitoring_with_eBPF_webm-sd.webm?1508684804
dc224041-cb12-4890-bbb5-f7931e2f21d8
2017-10-21T00:00:00+02:00
Alfonso Acosta
ASG2017, 139
00:24:37

Using BPF in Kubernetes (asg2017)
https://media.ccc.de/v/ASG2017-134-using_bpf_in_kubernetes
In this talk, I will present different use cases for using BPF in a Kubernetes cluster. BPF is a Linux in-kernel virtual machine and there are different kinds of BPF programs for different subsystems that will be considered: kprobes, traffic control, cgroups, LSM. I’ll follow with concrete examples, such as Weave Scope’s HTTP Statistics plugin. Finally, I’ll share tips and tricks on how to develop your own BPF programs in Kubernetes with the libraries bcc and gobpf, and show ways to easily test those with SemaphoreCI and rkt.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-134-eng-Using_BPF_in_Kubernetes_webm-sd.webm?1508671867
676ab243-3f7c-42fa-af93-4eff53ecd390
2017-10-22T00:00:00+02:00
Alban Crequy
ASG2017, 134
Linux superpowers in the cloud
00:23:16

Getting Started with Habitat (asg2017)
https://media.ccc.de/v/ASG2017-103-getting_started_with_habitat
Habitat is the best way for software developers to build, deploy, and manage modern applications - regardless of their expertise. Habitat provides a self-healing, self-configuring, stack-agnostic, frictionless abstraction for running applications—regardless of their complexity on whatever infrastructure you prefer, from physical hardware and virtual machines to containers and everything in between. This session will show you how to build and run your own application. You will learn how scaffolding helps you quickly and easily package your application. Explore the build system used for generating Habitat artifacts. Run an application using the Habitat supervisor. This is the talk for anyone who's just learning about Habitat or those that are interested in seeing some of the newer features of the framework.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-103-eng-Getting_Started_with_Habitat_webm-sd.webm?1508613877
cc553688-027c-4013-8960-d8031c4916b3
2017-10-21T00:00:00+02:00
Jamie Winsor
ASG2017, 103
00:42:52

Unbreaking reloads: strategies for fast and non-blocking reconfiguration (asg2017)
https://media.ccc.de/v/ASG2017-131-unbreaking_reloads_strategies_for_fast_and_non-blocking_reconfiguration
When configuration changes, daemon-reload stops the world in an increasingly unsustainable way. The problem is getting worse for two reasons: (1) heavier use of systemd means more units and longer reload times and (2) expanded use of socket activation/D-Bus activation/automount means more things urgently need PID 1's attention. There are ways to fix this up, but we'll need to move away from stopping the world (the main event loop), throwing out most loaded state, reloading state, and then resuming event handling.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-131-eng-Unbreaking_reloads_strategies_for_fast_and_non-blocking_reconfiguration_webm-sd.webm?1508670252
50b0f588-6b2b-46ae-9365-de4bbc3f76ac
2017-10-22T00:00:00+02:00
David Strauss
ASG2017, 131
00:30:39

Landlock LSM: Towards unprivileged sandboxing (asg2017)
https://media.ccc.de/v/ASG2017-110-landlock_lsm_towards_unprivileged_sandboxing
Landlock is a proposal for a new Linux Security Module (LSM) to create secure sandboxes with the goal “to empower any process, including unprivileged ones, to securely restrict themselves.” This presentation will give an overview on what Landlock is, discuss the current status of the patchset and demonstrate how Landlock works, as well as its differences compared to other Linux security modules.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-110-eng-Landlock_LSM_Towards_unprivileged_sandboxing_webm-sd.webm?1508616309
33ac18b7-146e-4445-a617-a0e6f83407d5
2017-10-21T00:00:00+02:00
Michael Schubert
ASG2017, 110
00:19:45

Meson and the changing Linux build landscape (asg2017)
https://media.ccc.de/v/ASG2017-111-meson_and_the_changing_linux_build_landscape
The Meson build system has been picking up steam this year and many fundamental projects have transitioned to it from their old build systems. In this talk we shall look at the advantages and disadvantages these transitions have brought, what we can expect from the future of build systems and what effect this change may have on the larger Linux ecosystem.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-111-eng-Meson_and_the_changing_Linux_build_landscape_webm-sd.webm?1508685672
22578f18-885b-4dce-a952-32ea3973ca15
2017-10-22T00:00:00+02:00
Jussi Pakkanen
ASG2017, 111
00:38:18

What If Component xxx Dies? Introducing Self-Healing Kubernetes (asg2017)
https://media.ccc.de/v/ASG2017-137-what_if_component_xxx_dies_introducing_self-healing_kubernetes
Kubernetes promises healing your application on all kinds of failure scenarios, but why not self-heal Kubernetes itself?
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-137-eng-What_If_Component_xxx_Dies_Introducing_Self-Healing_Kubernetes_webm-sd.webm?1508664435
c9bc9801-e067-40e7-a6b7-3c0bd5792ba8
2017-10-22T00:00:00+02:00
Max Leonard Inden
ASG2017, 137
00:21:02

Virtualization: what changed in the last decade (asg2017)
https://media.ccc.de/v/ASG2017-136-virtualization_what_changed_in_the_last_decade
Containers are pretty cool, but in scenarios where they don't satisfy all the requirements, service providers still rely on virtualization. Hardware virtualization became mainstream 1 decade ago and it never stopped evolving. I even dare to say that virtualization is not boring anymore!
In this presentation I will talk about the most significant hardware changes in the virtualization world.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-136-eng-Virtualization_what_changed_in_the_last_decade_webm-sd.webm?1508687979
27118229-ee0d-4edd-9771-9858ae27222b
2017-10-22T00:00:00+02:00
Hugo Tavares Reis
ASG2017, 136
00:42:09

Update on new WiFi daemon for Linux (asg2017)
https://media.ccc.de/v/ASG2017-132-update_on_new_wifi_daemon_for_linux
This presentation is about a new 802.11 wireless daemon for Linux. It is a lightweight daemon handling all aspects around WiFi support for Linux. It is designed with a tiny footprint for IoT use cases in mind. After its initial release last year, this presentation provides an update on the progress and its integration into ConnMan and Network Manager.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-132-eng-Update_on_new_WiFi_daemon_for_Linux_webm-sd.webm?1508688503
196e78e5-f6c5-42b0-84a9-f05428ddd550
2017-10-22T00:00:00+02:00
Marcel Holtmann
ASG2017, 132
00:31:12

Fix, forget, or forge a new path? (asg2017)
https://media.ccc.de/v/ASG2017-159-fix_forget_or_forge_a_new_path
As Infrastructure operators we're exposed to a lot of plumbing and not a lot of porcelain. Worse, because our concerns are often esoteric (in the eyes of application developers) we have to fix our own pipes too. Often this leads to the "homeowners dilemma"... Making the call of when to patch things up, when to rip out the pipes, and when to abandon gas lamps for electricity.
We outline a number of aging pipes, proposed (and implemented) solutions, and ideas for dragging our systems into the future.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-159-eng-Fix_forget_or_forge_a_new_path_webm-sd.webm?1508615271
03ab4598-0b7e-465a-a2fa-fddbeec87eb7
2017-10-21T00:00:00+02:00
Brian 'redbeard' Harrington
ASG2017, 159
00:37:34

Reproducible Builds - where do we want to go tomorrow? (asg2017)
https://media.ccc.de/v/ASG2017-117-reproducible_builds_-_where_do_we_want_to_go_tomorrow
A status report on Reproducible builds, which enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries.
about this event: https://c3voc.de
Sat, 21 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-117-eng-Reproducible_Builds_-_where_do_we_want_to_go_tomorrow_webm-sd.webm?1508615101
6e29a1b5-3673-44e0-9519-51e4b553ee02
2017-10-21T00:00:00+02:00
Holger Levsen
ASG2017, 117
We've made lots of progress, but we are still far from our goals of changing the (software) world
00:37:03

Simulate hardware for integration testing (asg2017)
https://media.ccc.de/v/ASG2017-121-simulate_hardware_for_integration_testing
How to get a slightly broken hard disk for testing file systems or udisks? A wifi access point which supports the old 802.11b standard for writing a test case for NetworkManager? Downloading a photo from a particular camera model which you don't own, but got a libgphoto bug report for? In this hands-on presentation and live demo of various Linux kernel and userspace tools I will show you how.
about this event: https://c3voc.de
Sun, 22 Oct 2017 00:00:00 +0200
https://cdn.media.ccc.de/events/all_systems_go/2017/webm-sd/ASG2017-121-eng-Simulate_hardware_for_integration_testing_webm-sd.webm?1508672265
49a6ce08-7503-47f3-af1a-b14520f1e1f2
2017-10-22T00:00:00+02:00
Martin Pitt
ASG2017, 121
00:25:44

media.ccc.de / RSS 0.2.7
CCC media team
media@koeln.ccc.de
CCC Congress Hacking Security Netzpolitik
A wide variety of video material distributed by the CCC. All content is taken from cdn.media.ccc.de and media.ccc.de